CVE-2025-20393
Cisco Multiple Products Improper Input Validation Vulnerability
⚠ KEVEPSS 6.5%
Description
Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.
How to fix CVE-2025-20393
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2025-20393 being exploited?
Yes — CVE-2025-20393 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.